Be on the Lookout for PHP compromises; Will New Anti-Spam Protocols Work?; Internet Survival Time by Sophos; phpBB: anti santy worm again ?
Late edition (Kyle Haugsness on duty):
Today's shift was really a team effort. Thanks to Swa, Lorna, Deb,
and Scott for covering different hours of the day. -Kyle
This is a call to all the network and system security folks out there...
Please be on the lookout for web-based intrusions happening in your
environments. There have recently been major vulnerabilities discovered
in phpBB and the XML_RPC libraries, which we have reported in the last
two days.
It's very likely that these vulnerabilities will be utilized to
compromise systems. Try to be vigilant about securing your environment
and reviewing your IDS alerts for attacks.
Not to be negative or anything... But it appears that the SPF (Sender
Policy Framework) and Sender-ID anti-spam approaches have been approved
as "experimental drafts" by IETF. So there is a new poll on the right
with my question. How long before the spammers defeat these methods?
Here are the relevant links:
SPF: http://www.ietf.org/internet-drafts/draft-schlitt-spf-classic-02.txt
SPF status: https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=12662&rfc_flag=0
Sender-ID: http://www.ietf.org/internet-drafts/draft-lyon-senderid-core-01.txt
Sender-ID status: https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=12542&rfc_flag=0
Anti-virus company Sophos published their own statistic regarding
"internet survival time". Their number was 12 minutes. The survival
time currently reported by dshield.org is 31 minutes. Their story also
has some interesting statistics on the number of viruses in the first
half of 2005 compared to last year. But don't let it spoil your
weekend. If you are in the security field professionally, just think of
it as job security.
http://www.sophos.com/pressoffice/pressrel/uk/midyearroundup2005.html
Early edition
See also the
With the release of the latest phpBB patch, we are seeing a reappearance of what looks like anti santy worm scanning for vulnerable hosts.
If you have been broken into using this method in recent days, we'd love to have a look at the dropped files to see if this is still the anti santy worm or something using the same scanning engine.
(Swa Frantzen on early duty)